As the value and use of information continue to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
A key component of almost every information handling system is the basic input/output system (BIOS). A BIOS may be a system, device, or apparatus configured to identify, test, and/or initialize one or more information handling resources of an information handling system, typically during boot up or power on of an information handling system. A BIOS may include boot firmware configured to be the first code executed by a processor of an information handling system when the information handling system is booted and/or powered on. As part of its initialization functionality, BIOS code may be configured to set components of the information handling system into a known state, so that one or more applications (e.g., an operating system or other application programs) stored on compatible media may be executed by a processor and given control of the information handling system and its various components.
Because of the importance of a BIOS in the overall execution of an information handling system, many customers of information handling systems demand that vendors of information handling systems assure that information handling systems and the code stored thereon, including but not limited to the BIOS, be free of malicious code upon delivery. Typically, to assure that a BIOS is free of malicious code, a BIOS is signed with a signature or other uniquely identifying data created based on the content of the BIOS code, such that when later executed, the BIOS is compared to the signature to validate the integrity of the BIOS. If the BIOS is validated, it may complete execution. Otherwise, if the BIOS is not validated, BIOS execution may be halted to prevent execution of potentially-malicious code.
To assure that digital signature validation of BIOS or other code is properly executing to identify unvalidated code, testing by developers and test engineers of such validation software has typically consisted of manual modification by a person of various bits in a signed executable or other file, followed by checking for a digital signature failure. Such an approach may require high overhead for developers and test engineers to perform these modifications for every code release to validation; in addition, it is not scalable and has limited testing scope and testing scenarios. In some software development methodologies, a signed BIOS or other executable file may have releases occurring as frequently as daily, further adding to the overhead. In addition, in some cases, these binary modifications are not performed by skilled technicians and may produce other unexpected or errant test results, increasing the engineering burden of this approach even further.
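The manual bit-modification test described above can be scripted so that every bit of a signed file is exercised on each release. The following is an added example, not code from this document: it uses an HMAC-SHA256 tag as a stand-in for the vendor's signature scheme, and the key, the sample image, and all function names are constructed for illustration. The `covered` parameter models a flawed scheme whose tag covers only part of the image, to show the harness catching it.

```python
import hashlib
import hmac

TAG_LEN = 32                        # SHA-256 output size in bytes
TEST_KEY = b"constructed-test-key"  # constructed; stands in for a signing key
IMAGE = bytes(range(64))            # constructed 64-byte "firmware image"


def _tag(image: bytes, covered=None) -> bytes:
    # covered=None tags the whole image; an integer tags only image[:covered].
    return hmac.new(TEST_KEY, image[:covered], hashlib.sha256).digest()


def sign(image: bytes, covered=None) -> bytes:
    """Return the image with its tag appended."""
    return image + _tag(image, covered)


def verify(blob: bytes, covered=None) -> bool:
    """Split off the trailing tag and compare it in constant time."""
    if len(blob) < TAG_LEN:
        return False
    image, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return hmac.compare_digest(tag, _tag(image, covered))


def mutations(blob: bytes):
    """Yield (name, mutated_blob): every single-bit flip plus length changes."""
    for bit in range(len(blob) * 8):
        m = bytearray(blob)
        m[bit // 8] ^= 1 << (bit % 8)
        yield f"flip bit {bit}", bytes(m)
    yield "truncate last byte", blob[:-1]
    yield "append zero byte", blob + b"\x00"
    yield "empty file", b""


def negative_test(blob: bytes, verifier) -> list:
    """Return the names of mutations the verifier wrongly accepted."""
    if not verifier(blob):
        raise ValueError("baseline image must validate before mutation testing")
    return [name for name, m in mutations(blob) if verifier(m)]


if __name__ == "__main__":
    print("full coverage escapes:", len(negative_test(sign(IMAGE), verify)))
    weak = negative_test(sign(IMAGE, 16), lambda b: verify(b, 16))
    print("16-byte coverage escapes:", len(weak), "first:", weak[0])
```

An empty result means every mutation was rejected; any returned name identifies a modification that validation failed to detect.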